Add fault rules

pca-nhs · pca-nhs · commit 35a8110ed16e · 2025-09-02T12:02:47.000+01:00
diff --git a/proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissing.xml b/proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissing.xml
@@ -0,0 +1,14 @@
+<AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerList">
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>400</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_code</Name>
+        <Value>BAD_REQUEST</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>faultstring</Name>
+        <Value>Missing or Empty NHSD-End-User-Organisation-ODS header.</Value>
+    </AssignVariable>
+</AssignMessage>
diff --git a/proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissingR4.xml b/proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissingR4.xml
@@ -0,0 +1,14 @@
+<AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerList">
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>400</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_code</Name>
+        <Value>REC_BAD_REQUEST</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>faultstring</Name>
+        <Value>Missing or Empty NHSD-End-User-Organisation-ODS header.</Value>
+    </AssignVariable>
+</AssignMessage>
diff --git a/proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerList.xml b/proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerList.xml
@@ -5,7 +5,7 @@
     </AssignVariable>
     <AssignVariable>
         <Name>op_outcome_issue_code</Name>
-        <Value>forbidden</Value>
+        <Value>FORBIDDEN</Value>
     </AssignVariable>
     <AssignVariable>
         <Name>faultstring</Name>
diff --git a/proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerListR4.xml b/proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerListR4.xml
@@ -0,0 +1,14 @@
+<AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerList">
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>403</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_code</Name>
+        <Value>ACCESS_DENIED</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>faultstring</Name>
+        <Value>Unauthorised ODS code provided in NHSD-End-User-Organisation-ODS header</Value>
+    </AssignVariable>
+</AssignMessage>
diff --git a/proxies/live/apiproxy/targets/ers-target.xml b/proxies/live/apiproxy/targets/ers-target.xml
@@ -117,58 +117,44 @@
             <Step>
                 <Name>AssignMessage.OperationOutcomeErrorResponse</Name>
             </Step>
-            <Condition>(raisefault.RaiseFault.403Forbidden = true) and (isFhirR4Path = false)</Condition>
+            <Condition>(EUOAllowlistVerify.error_description ~~ ".*Invalid ODS code.*")</Condition>)
         </FaultRule>
         <FaultRule name="single_asid_ods_header_not_in_partner_list_error_fhir_r4">
             <Step>
-                <Condition>(isFhirR4Path = true)</Condition>
-                <Name>AssignMessage.SetOperationOutcomeVariablesR4</Name>
+                <Name>AssignMessage.SetOperationOutcomeVariableR4</Name>
             </Step>
             <Step>
-                <Condition>(isFhirR4Path = false)</Condition>
-                <Name>AssignMessage.SetOperationOutcomeVariablesPreR4</Name>
-            </Step>
-            <Step>
-                <Name>AssignMessage.SetOperationOutcomeIssueIal</Name>
+                <Name>AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerListR4</Name>
             </Step>
             <Step>
                 <Name>AssignMessage.OperationOutcomeErrorResponse</Name>
             </Step>
-            <Condition>(raisefault.RaiseFault.401InsufficientIal.failed = true)</Condition>
+            <Condition>(EUOAllowlistVerify.error_description ~~ ".*Invalid ODS code.*") and (isFhirR4Path = true)</Condition>)
         </FaultRule>
         <FaultRule name="single_asid_ods_header_missing_error">
-            <Step>
-                <Condition>(isFhirR4Path = true)</Condition>
-                <Name>AssignMessage.SetOperationOutcomeVariablesR4</Name>
-            </Step>
             <Step>
                 <Condition>(isFhirR4Path = false)</Condition>
                 <Name>AssignMessage.SetOperationOutcomeVariablesPreR4</Name>
             </Step>
             <Step>
-                <Name>AssignMessage.SetOperationOutcomeIssueIal</Name>
+                <Name>AssignMessage.SetOperationOutcomeODSHeaderMissing</Name>
             </Step>
             <Step>
                 <Name>AssignMessage.OperationOutcomeErrorResponse</Name>
             </Step>
-            <Condition>(raisefault.RaiseFault.401InsufficientIal.failed = true)</Condition>
+            <Condition>(EUOAllowlistVerify.error_description ~~ ".*Missing or Empty NHSD-End-User-Organisation-ODS header.*")</Condition>)
         </FaultRule>
         <FaultRule name="single_asid_ods_header_missing_error_fhir_r4">
             <Step>
-                <Condition>(isFhirR4Path = true)</Condition>
-                <Name>AssignMessage.SetOperationOutcomeVariablesR4</Name>
+                <Name>AssignMessage.SetOperationOutcomeVariableR4</Name>
             </Step>
             <Step>
-                <Condition>(isFhirR4Path = false)</Condition>
-                <Name>AssignMessage.SetOperationOutcomeVariablesPreR4</Name>
-            </Step>
-            <Step>
-                <Name>AssignMessage.SetOperationOutcomeIssueIal</Name>
+                <Name>AssignMessage.SetOperationOutcomeODSHeaderMissingR4</Name>
             </Step>
             <Step>
                 <Name>AssignMessage.OperationOutcomeErrorResponse</Name>
             </Step>
-            <Condition>(raisefault.RaiseFault.401InsufficientIal.failed = true)</Condition>
+            <Condition>(EUOAllowlistVerify.error_description ~~ ".*Missing or Empty NHSD-End-User-Organisation-ODS header.*") and (isFhirR4Path = true)</Condition>)
         </FaultRule>
     </FaultRules>
     <PreFlow>
@@ -235,7 +221,7 @@
                     <Condition>(request.header.nhsd-ers-business-function == "AUTHORISED_APPLICATION")</Condition>
             </Step> <Step>
                 <Name>RaiseFault.403Forbidden</Name>
-                <Condition>(EUOAllowlistVerify.verified = false)</Condition>
+                <Condition>(EUOAllowlistVerify.error_description = false)</Condition>
             </Step> <Step>
                 </Step> <Step>
                     <Name>AssignMessage.Set.x-ers-access-mode-header-user-restricted</Name>
